In this paper we show that reversible analysis of logic languages by abstract interpretation can 
be performed without loss of precision by systematically refining abstract domains. The idea 
is to include semantic structures into abstract domains in such a way that the refined abstract 
domain becomes rich enough to allow approximate bottom-up and top-down semantics to agree. 
These domains are known as condensing abstract domains. Substantially, an abstract domain 
is condensing if goal-driven and goal-independent analyses agree, namely no loss of precision is 
introduced by approximating queries in a goal-independent analysis. We prove that condensation 
is an abstract domain property and that the problem of making an abstract domain condensing 
boils down to the problem of making the domain complete with respect to unification. In a 
general abstract interpretation setting we show that when concrete domains and operations give 
rise to quantales, i.e. models of propositional linear logic, objects in a complete refined abstract 
domain can be explicitly characterized by linear logic-based formulations. This is the case for 
abstract domains for logic program analysis approximating computed answer substitutions where 
unification plays the role of multiplicative conjunction in a quantale of idempotent substitutions. 
Condensing abstract domains can therefore be systematically derived by minimally extending any, 
generally non-condensing domain, by a simple domain refinement operator. 

Categories and Subject Descriptors: D.3.1 [Programming Languages]: Formal Definitions and 
Theory — semantics; D.3.2 [Programming Languages]: Language Classifications — constraint 
and logic languages; F.3.2 [Logics and Meanings of Programs]: Semantics of Programming 
Languages — program analysis 

General Terms: Languages, Theory 

Additional Key Words and Phrases: Abstract interpretation, abstract domain, completeness, 
linear logic, logic program analysis, condensation 



1. INTRODUCTION 

Logic program analysis and optimization algorithms are often goal-directed. This 
means that the analysis is constructively derived from a goal-directed semantics and 
the properties of the resulting analysis, such as its precision, depend on this choice. 
For instance, it is well known that, in general, goal-independent analyses of logic
programs, like those obtainable with bottom-up/top-down analyzers [Barbuti et al.
1993; Bruynooghe 1991; Codish et al. 1994], may be less precise than goal-directed
ones (cf. [Marriott and Søndergaard 1993, Section 4]). Goal-independent analysis
can be thought of as an analysis for all possible initial queries, while in a
goal-directed analysis, a given query with a fixed initial state is executed in the
abstract domain. In the latter case, the result may be refined by knowing in advance
the initial calls. On the contrary, it may also happen that goal-independent analyses
are more precise than goal-directed ones, for instance when failure properties are
observed.



1.1 The problem 

The problem of making the analysis independent from the choice of the initial query
has been considered by many authors (see e.g. [Codish and Lagoon 2000; Debray
1994; Jacobs and Langen 1992; King and Lu 2002; Langen 1990; Giacobazzi and
Scozzari 1998; Marriott and Søndergaard 1993]). The idea of condensing procedures
introduced by Langen [1990] captures the essence of this discussion, providing a
characterization of goal-independent evaluation of procedure calls: The approximation
of the semantics of each predicate (called condensed procedure) defined in a
program is pre-computed in such a way that any specific call can be approximated
without computing a fixpoint, but simply by unifying it against the condensed
procedure defining that predicate. However, condensation may lose precision. A loss
of precision occurs in condensed procedures when the abstract computation of a
procedure call cannot be reconstructed by unifying that call with the corresponding
condensed procedure. This is due to the properties of abstract unification on
some abstract domains. A domain where no loss of precision occurs in evaluating
condensed procedures is called condensing. The problem of systematically designing
condensing abstract domains is still open. The relevance of this problem relies
upon the importance of condensing domains in efficient static program analysis.
Moreover, few condensing abstract domains are known, all of them being downward
closed domains. In this context, it is highly desirable to have a formal setting
where possibly non-downward closed condensing abstract domains can be designed
and proved correct, e.g. for relevant program properties like variable aliasing
[Jacobs and Langen 1992; Langen 1990].



1.2 The main result 

In this paper we give a domain-theoretic characterization of condensing abstract 
interpretations. We prove that it is always possible to make abstract domains 
condensing by minimally refining domains, i.e. by introducing the least amount of 
information that makes the domain condensing. We prove that this is an instance 
of a more general problem of making a domain complete with respect to some se- 
mantic operator. The intuition is that a complete abstract interpretation induces 
an abstract semantics where no loss of precision, relatively to the power of repre- 
sentation of the underlying abstract domains, is accumulated by computing with 
abstract objects [Cousot and Cousot 1979]. In static program analysis, decidability 
issues commonly force to sacrifice completeness for achieving termination and/or 
efficiency; examples of complete abstract interpretations more frequently occur in 
other fields of application. For instance, several complete abstractions of algebraic 
polynomial systems have been studied by Cousot and Cousot [1997], and many 
complete abstract interpretations can be found in comparative program semantics 
[Cousot 1997; Cousot and Cousot 1992; Giacobazzi 1996] and in model checking by 
abstract interpretation [Cousot and Cousot 2000; Ranzato 2001]. 

The possibility of making abstract domains complete with respect to any continuous
semantic operator has been shown in [Giacobazzi et al. 2000], where we proved that
any abstract domain $A$ can always be constructively extended into the most abstract
domain which includes $A$ and is complete for a given continuous function $f$; the
resulting domain is called the complete shell of $A$ and $f$. In this paper we apply
this technique to systematically derive condensing abstract domains. In particular
we consider the problem of minimally modifying abstract domains in order to make
them condensing yet providing an easily representable structure for the objects of
the refined domain. We prove that this is an instance of a particular completeness
problem arising when concrete semantic domains and operations give rise to a
particular algebraic structure called quantale. Quantales are well-known algebraic
structures which turn out to be models of propositional linear logic (see
[Rosenthal 1990; Yetter 1990]). This is particularly important in our context,
because quantales naturally model a number of different and novel notions of
completeness arising in abstract interpretation, including condensation as an
instance. Interestingly, in this context it turns out that the objects of complete
refined abstract domains can be elegantly represented as linear implications, with
a clean logical interpretation. More in detail, a quantale
$\langle C_{\leq}, \otimes \rangle$ consists of a complete lattice $C_{\leq}$
together with a binary operation $\otimes : C \times C \to C$ which is additive
(i.e., preserves arbitrary lub's) on both arguments. As a main feature, quantales
support a notion of linear implication between domain's objects: Given
$a, b \in C$, there exists a unique greatest object $a \multimap b \in C$ which,
when combined by $\otimes$ with $a$, gives a result which is approximated by $b$.
In other terms, the following modus ponens law
$a \otimes x \leq b \Leftrightarrow x \leq a \multimap b$ holds. When refining
abstract domains in order to get completeness in a setting where concrete
interpretations are quantales, linear implication allows us to elegantly
characterize complete domain objects in a variety of situations. It is worth noting
that an efficient representation of abstract objects in abstract interpretation is
essential in order to automatically (or, at least, quickly) implement abstract
domains, e.g. by exploiting the logical properties of the abstract objects (see the
use of Binary Decision Diagrams in the implementation of classical propositional
logic-based abstract domains for groundness analysis and in abstract model
checking); to study the properties of abstract operations, like for instance their
precision; to help the intuition to understand how specific abstract domains work.
Let us denote by $\mathit{uco}(C)$ the complete lattice of all abstract domains
(modulo isomorphic representation of their objects) abstracting a given domain $C$
(cf. [Cousot and Cousot 1979]). This lattice is ordered by the relative precision
of domains: For any $A, B \in \mathit{uco}(C)$, $A \sqsubseteq B$ if $A$ is more
concrete (more precise) than $B$. Given a quantale
$\langle C_{\leq}, \otimes \rangle$ and an abstract domain
$A \in \mathit{uco}(C)$, we characterize the most abstract domain
$X \in \mathit{uco}(C)$ such that $X \sqsubseteq A$ and $X$ is complete for
$\otimes$, namely if $\alpha_X : C \to X$ is the corresponding abstraction map then
the equation
$\alpha_X(\cdot \otimes \cdot) = \alpha_X(\alpha_X(\cdot) \otimes \alpha_X(\cdot))$
holds. We prove that a domain is condensing if and only if a weakened form of
completeness holds:
$\alpha_X(\alpha_X(\cdot) \otimes \alpha_X(\cdot)) = \alpha_X(\cdot \otimes \alpha_X(\cdot)) = \alpha_X(\alpha_X(\cdot) \otimes \cdot)$.
Thus, given $A \in \mathit{uco}(C)$, we characterize the most abstract domain
$X \in \mathit{uco}(C)$ such that $X \sqsubseteq A$ and $X$ is condensing.
Intuitively, $X$ is condensing when there is no loss of precision in observing in
$X$ the result of $\otimes$ when one of its arguments is approximated in $X$.
The set of idempotent substitutions endowed with unification forms a quantale.
As a consequence abstract domains can be refined and constructively made
condensing, providing their objects with an elegant logical characterization as
linear implications in the quantale of idempotent substitutions. This is a
generalization of an analogous result given by Giacobazzi and Scozzari [1998],
which characterizes condensing downward closed domains as solutions of domain
equations involving intuitionistic implications.



2. BASIC NOTIONS 
2.1 Notation 

If $S$ and $T$ are sets, then $\wp(S)$ denotes the powerset of $S$, $S \to T$
denotes the set of all functions from $S$ to $T$, and for a function
$f : S \to T$ and $X \subseteq S$, $f(X) = \{f(x) \mid x \in X\}$. By $g \circ f$
we denote the composition of the functions $f$ and $g$, i.e.,
$g \circ f = \lambda x. g(f(x))$. The identity function $\lambda x.x$ is denoted
$id$. The notation $P_{\leq}$ denotes a poset $P$ with ordering relation $\leq$,
while $\langle C, \leq, \vee, \wedge, \top, \bot \rangle$ denotes a complete
lattice $C$, with ordering $\leq$, lub $\vee$, glb $\wedge$, greatest element
(top) $\top$, and least element (bottom) $\bot$. Somewhere, $\leq_P$ will be used
to denote the underlying ordering of a poset $P$, and $\vee_C$, $\wedge_C$,
$\top_C$ and $\bot_C$ will denote operations and elements of a complete lattice
$C$. Let $P$ be a poset and $S \subseteq P$. Then,
$\max(S) = \{x \in S \mid \forall y \in S.\ x \leq_P y \Rightarrow x = y\}$ denotes
the set of maximal elements of $S$ in $P$; also, the downward closure of $S$ is
defined by $\downarrow S = \{x \in P \mid \exists y \in S.\ x \leq_P y\}$, and for
$x \in P$, $\downarrow x$ is a shorthand for $\downarrow \{x\}$. We use the symbol
$\sqsubseteq$ to denote pointwise ordering between functions: If $S$ is any set,
$P$ a poset, and $f, g : S \to P$ then $f \sqsubseteq g$ if for all $x \in S$,
$f(x) \leq_P g(x)$. Let $C$ and $D$ be complete lattices. Then,
$C \xrightarrow{m} D$, $C \xrightarrow{c} D$, $C \xrightarrow{a} D$, and
$C \xrightarrow{coa} D$ denote, respectively, the set of all monotone,
(Scott-)continuous, additive, and co-additive functions from $C$ to $D$. Recall
that $f \in C \xrightarrow{c} D$ iff $f$ preserves lub's of (non-empty) chains, and
$f : C \to D$ is (completely) additive if $f$ preserves lub's of arbitrary subsets
of $C$ (emptyset included). Co-additivity is dually defined. We denote by
$\mathit{lfp}(f)$ and $\mathit{gfp}(f)$, respectively, the least and greatest
fixpoint, when they exist, of an operator $f$ on a poset. If
$f \in C \xrightarrow{c} C$ then
$\mathit{lfp}(f) = \bigvee_{i \in \mathbb{N}} f^i(\bot_C)$, where, inductively,
$f^0(x) = x$ and $f^{i+1}(x) = f(f^i(x))$. Dually, if $f$ is co-continuous then
$\mathit{gfp}(f) = \bigwedge_{i \in \mathbb{N}} f^i(\top_C)$.
$\{f^i(\bot_C)\}_{i \in \mathbb{N}}$ and $\{f^i(\top_C)\}_{i \in \mathbb{N}}$ are
called, respectively, the upper and lower Kleene's iteration sequences of $f$.



2.2 Logic programming 

Let $V$ be an infinite set of variables and $\mathit{Term}$ be the set of terms
with variables in $V$. A substitution $\sigma$ is a mapping from $V$ to
$\mathit{Term}$ such that $\{v \in V \mid \sigma(v) \neq v\}$ is a finite set. By
$s\sigma$ and $\sigma(s)$ we denote the application of $\sigma$ to any syntactic
object $s$, while $\mathit{vars}(s)$ denotes the set of variables occurring in $s$.
A term $t$ is ground if $\mathit{vars}(t) = \emptyset$. The composition of
substitutions is denoted by
$\sigma \circ \theta = \lambda x.\sigma(\theta(x))$. The set of idempotent
substitutions modulo renaming $\sim$ (i.e., given $\theta$ and $\sigma$
idempotent, $\theta \sim \sigma$ if and only if there exist two substitutions
$\beta$ and $\delta$ such that $\theta = \beta \circ \sigma$ and
$\sigma = \delta \circ \theta$) is denoted by $\mathit{Sub}$. $\mathit{Sub}$ is
partially ordered by instantiation, denoted by $\preceq$:
$\sigma \preceq \theta$ iff
$\exists \delta \in \mathit{Sub}.\ \sigma = \delta \circ \theta$. By adding to
$\mathit{Sub}$ an extra object $\tau$ as least element, one gets a complete lattice
$\langle \mathit{Sub}^{\tau}, \preceq, \vee, \wedge, \epsilon, \tau \rangle$,
where $\vee$ is the least general anti-instance, $\epsilon$ is the empty
substitution, and $\wedge$ is the standard unification, which is unique modulo
renaming (see [Eder 1985] and [Palamidessi 1990, Sections 3 and 4] for the
details). In the following, for $\sigma, \theta \in \mathit{Sub}$, we will write
$\sigma \wedge \theta \neq \tau$ to denote that $\sigma$ and $\theta$ unify.

2.3 The lattice of abstract interpretations 

In standard Cousot and Cousot's abstract interpretation theory, abstract domains
can be equivalently specified either by Galois connections (GCs), i.e., adjunctions,
or by upper closure operators (uco's) [Cousot and Cousot 1979]. In the first case,
concrete and abstract domains $C$ and $A$ (both assumed to be complete lattices)
are related by a pair of adjoint functions of a GC $(\alpha, C, A, \gamma)$, where
$\alpha$ and $\gamma$ are the abstraction and concretization maps. It is usually
assumed that $(\alpha, C, A, \gamma)$ is a Galois insertion (GI), i.e., $\alpha$ is
onto or, equivalently, $\gamma$ is 1-1. In the second case, instead, an abstract
domain is specified as a uco on the concrete domain $C$, i.e., a monotone,
idempotent and extensive operator on $C$. These two approaches are perfectly
equivalent, modulo isomorphic representation of domain's objects. Given a complete
lattice $C$, it is well known that the set $\mathit{uco}(C)$ of all uco's on $C$,
endowed with the pointwise ordering $\sqsubseteq$, gives rise to the complete
lattice
$\langle \mathit{uco}(C), \sqsubseteq, \sqcup, \sqcap, \lambda x.\top_C, id \rangle$.
Let us recall that each $\rho \in \mathit{uco}(C)$ is uniquely determined by the
set of its fixpoints, which is its image, i.e.
$\rho(C) = \{x \in C \mid \rho(x) = x\}$, since
$\rho = \lambda x. \bigwedge \{y \in C \mid y \in \rho(C),\ x \leq y\}$. Moreover,
a subset $X \subseteq C$ is the set of fixpoints of a uco on $C$ iff $X$ is
meet-closed, i.e.
$X = \mathcal{M}(X) = \{\bigwedge Y \mid Y \subseteq X\}$ (note that
$\top_C = \bigwedge \emptyset \in \mathcal{M}(X)$). For any $X \subseteq C$,
$\mathcal{M}(X)$ is called the Moore-closure of $X$, and $X$ is a generator set
for $\mathcal{M}(X)$. Also, $\rho \sqsubseteq \eta$ iff
$\eta(C) \subseteq \rho(C)$; in this case, $\rho$ is a so-called refinement of
$\eta$, and if $\rho \sqsubseteq \eta$ then
$\rho \circ \eta = \eta \circ \rho = \eta$. Often, we will identify closures with
their sets of fixpoints. This does not give rise to ambiguity, since one can
distinguish their use as functions or sets according to the context. In view of
the equivalence above, throughout the paper,
$\langle \mathit{uco}(C), \sqsubseteq \rangle$ will play the role of the lattice of
abstract interpretations of $C$ [Cousot and Cousot 1977; Cousot and Cousot 1979],
i.e. the complete lattice of all the abstract domains of the concrete domain $C$.
When an abstract domain $A$ is specified by a GI $(\alpha, C, A, \gamma)$,
$\rho_A = \gamma \circ \alpha \in \mathit{uco}(C)$ is the corresponding uco on $C$.
The ordering on $\mathit{uco}(C)$ corresponds to the standard order used to compare
abstract domains with regard to their precision: $A_1$ is more precise than $A_2$
(i.e., $A_1$ is more concrete than $A_2$ or $A_2$ is more abstract than $A_1$) iff
$A_1 \sqsubseteq A_2$ in $\mathit{uco}(C)$. Lub and glb on $\mathit{uco}(C)$ have
therefore the following reading as operators on domains. Let
$\{A_i\}_{i \in I} \subseteq \mathit{uco}(C)$: (i) $\sqcup_{i \in I} A_i$ is the
most concrete among the domains which are abstractions of all the $A_i$'s;
(ii) $\sqcap_{i \in I} A_i$ is the most abstract among the domains which are more
concrete than every $A_i$ - this domain is also known as reduced product of all
the $A_i$'s.

2.4 Completeness in abstract interpretation 

Completeness in abstract interpretation uniquely depends upon the abstraction
map [Giacobazzi and Ranzato 1997]. Let us consider the simple case of an abstract
interpretation specified by an abstract domain $A$ and an abstract operation
$f^{\sharp} : A \to A$ approximating a concrete semantic operation $f : C \to C$.
Then, $f^{\sharp}$ is (sound and) complete if
$\rho \circ f = f^{\sharp} \circ \rho$, where $\rho \in \mathit{uco}(C)$ is the uco
associated with $A$. It turns out that if $f^{\sharp}$ is complete then the best
correct approximation of $f$ in $A$, i.e. $\rho \circ f : A \to A$, is complete as
well, and, in this case, $f^{\sharp}$ indeed coincides with $\rho \circ f$. Thus,
for any $A$, one can define a complete abstract semantic operation
$f^{\sharp} : A \to A$ over $A$ if and only if $\rho \circ f : A \to A$ is
complete. Hence, an abstract domain $\rho \in \mathit{uco}(C)$ is defined to be
complete for $f$ iff $\rho \circ f = \rho \circ f \circ \rho$ holds. This simple
observation makes completeness an abstract domain property, namely an intrinsic
characteristic of the abstract domain. It is also worth recalling that, by a
well-known result [Cousot and Cousot 1979, Theorem 7.1.0.4], complete abstract
domains are "fixpoint complete" as well, i.e., if $\rho$ is complete for $f$ then
$\rho(\mathit{lfp}(f)) = \mathit{lfp}(\rho \circ f)$; while the converse, in
general, does not hold.

In [Giacobazzi et al. 2000] we gave a constructive characterization of complete
abstract domains, under the assumption of dealing with Scott-continuous concrete
functions. This result allows us to systematically derive complete abstract domains
from non-complete ones in a minimal way. The idea is to build the greatest (i.e.,
most abstract) domain in $\mathit{uco}(C)$ which includes a given domain $A$ and
which is complete for a set $F$ of (continuous) functions, i.e., for each function
in $F$. Given a set of continuous functions $F \subseteq C \xrightarrow{c} C$,
Giacobazzi et al. [2000] define a mapping
$\mathcal{R}_F : \mathit{uco}(C) \to \mathit{uco}(C)$ as follows:

$$\mathcal{R}_F(\rho) = \mathcal{M}\Big(\bigcup_{f \in F,\, a \in \rho} \max(\{x \in C \mid f(x) \leq a\})\Big).$$

Theorem 2.1. [Giacobazzi et al. 2000] A domain $\rho \in \mathit{uco}(C)$ is
complete for $F$ iff $\rho \sqsubseteq \mathcal{R}_F(\rho)$. Moreover,
$\mathcal{R}_F$ is co-additive.

Thus, the most abstract domain which includes $\rho$ and which is complete for $F$
is $\mathit{gfp}(\lambda \eta.\ \rho \sqcap \mathcal{R}_F(\eta))$. This domain is
called the complete shell of $\rho$ for $F$ (see [Giacobazzi et al. 2000] for more
details).

2.5 Quantales and linear logic 

Quantales originated in the algebraic foundations of the so-called quantum logic.
Afterwards, they have been successfully considered as algebraic models of Girard's
linear logic [Rosenthal 1990; Yetter 1990]. Informally, quantales can be thought of
as a generalization of Boolean algebras, where the modus ponens law
$a \wedge (a \Rightarrow b) \leq b$ holds relatively to a binary operation
$\otimes$ of "conjunction" possibly different from the meet. The basic idea in a
quantale is to guarantee that, for any two objects $a$ and $b$, there exists a
greatest (i.e., most abstract in abstract interpretation terms) object $c$ such
that $a \otimes c \leq b$. In the following, we restrict our attention to
commutative quantales, i.e., quantales where the binary operation $\otimes$ is
commutative. More formally, a (commutative) quantale is an algebra
$\langle C_{\leq}, \otimes \rangle$ such that:

— $\langle C, \leq, \vee, \wedge, \top, \bot \rangle$ is a complete lattice;

— $\otimes : C \times C \to C$ is a commutative and associative operation, i.e.,
$a \otimes b = b \otimes a$ and $(a \otimes b) \otimes c = a \otimes (b \otimes c)$,
for any $a, b, c \in C$;

— $a \otimes (\bigvee_{i \in I} b_i) = \bigvee_{i \in I} (a \otimes b_i)$ for any
$a \in C$ and $\{b_i\}_{i \in I} \subseteq C$.

In other words, a quantale is a complete lattice endowed with a commutative
and associative "product" $\otimes$ which distributes over arbitrary lub's. Common
examples of quantales are complete Boolean algebras, which become quantales by
considering as $\otimes$ their meet operation. In particular, for any set $A$, the
algebra $\langle \wp(A)_{\subseteq}, \cap \rangle$ is a quantale. Also, given a
commutative and associative operation $\cdot : A \times A \to A$, a further basic
example of quantale is $\langle \wp(A)_{\subseteq}, \otimes \rangle$, where
$X \otimes Y = \{x \cdot y \mid x \in X,\ y \in Y\}$ is the lifting of the
operation $\cdot$ to sets.

The fundamental property of quantales is that, for any $a \in C$, the function
$\lambda x.\ a \otimes x$ has a right adjoint, denoted by
$\lambda x.\ a \multimap x$. This is equivalent to say that one can define a binary
operation $\multimap : C \times C \to C$ such that, for all $a, b, c \in C$, the
following property holds:

$$a \otimes b \leq c \iff b \leq a \multimap c.$$

This is a straight consequence of the fact that, for all $a \in C$,
$\lambda x.\ a \otimes x$ is additive, and therefore, it has a unique right adjoint
$\lambda x.\ a \multimap x$ giving rise to a GC. This right adjoint
$\multimap : C \times C \to C$ is therefore defined as follows:

$$a \multimap c = \bigvee \{b \in C \mid a \otimes b \leq c\}.$$

A quantale $\langle C_{\leq}, \otimes \rangle$ is called unital if there exists an
object $1 \in C$, called unit, such that $1 \otimes a = a = a \otimes 1$, for all
$a \in C$. $\langle \wp(A)_{\subseteq}, \cap \rangle$ is a trivial example of
unital, commutative quantale, where $A$ is the unit.

From a logical point of view, it is well known that quantales turn out to be
models of (commutative) linear logic [Rosenthal 1990; Yetter 1990], where the
linear implication is interpreted as the operation $\multimap$. The next
proposition summarizes the basic properties of linear implication (see
[Rosenthal 1990]).

Proposition 2.2. Let $\langle C_{\leq}, \otimes \rangle$ be a unital, commutative
quantale with unit $1$, $\{x_i\}_{i \in I} \subseteq C$ and $a, b, c \in C$.

(i) $a \otimes (a \multimap c) \leq c$
(ii) $a \multimap (b \multimap c) = (b \otimes a) \multimap c$
(iii) $a \multimap (\bigwedge_{i \in I} x_i) = \bigwedge_{i \in I} (a \multimap x_i)$
(iv) $(\bigvee_{i \in I} x_i) \multimap c = \bigwedge_{i \in I} (x_i \multimap c)$
(v) $a \multimap (b \multimap c) = b \multimap (a \multimap c)$
(vi) $1 \multimap a = a$
(vii) $c \leq (c \multimap a) \multimap a$
(viii) $((c \multimap a) \multimap a) \multimap a = c \multimap a$
(ix) if $b \leq c$ then $a \otimes b \leq a \otimes c$

In particular, from the above properties, it is easy to check that for all
$a \in C$, $\lambda x.\ (x \multimap a) \multimap a \in \mathit{uco}(C)$.

3. COMPLETENESS IN LOGICAL FORM 

In this section we consider completeness in quantales, providing a linear logic-based
characterization of complete abstract interpretations of quantales. Let
$\langle C_{\leq}, \otimes \rangle$ be a unital, commutative quantale playing the
role of concrete interpretation, that is, $C$ is the concrete domain provided with
a semantic operation $\otimes : C \times C \to C$. Let $\rho \in \mathit{uco}(C)$
be an abstract domain. Recall that $\rho$ is complete for $\otimes$ when for all
concrete objects $x, y \in C$,
$\rho(\rho(x) \otimes \rho(y)) = \rho(x \otimes y)$. This is more compactly denoted
by the equation
$\rho \circ \otimes \circ \langle \rho, \rho \rangle = \rho \circ \otimes$. Given
any $\eta \in \mathit{uco}(C)$, we define the following set of unary (additive)
functions $F_{\eta} \subseteq C \xrightarrow{a} C$:

$$F_{\eta} = \{\lambda x.\ x \otimes y \mid y \in \eta\}.$$

In particular, will be also denoted by $F_C$. It turns out that completeness of
$\rho$ for $\otimes$ is equivalent to completeness of $\rho$ for $F_C$.

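Lemma 3.1. Let $\langle C_{\leq}, \otimes \rangle$ be a commutative quantale and
$\rho \in \mathit{uco}(C)$. The following are equivalent.

(i) $\rho$ is complete for $\otimes$;

(ii) $\rho \circ \otimes \circ \langle \rho, id \rangle = \rho \circ \otimes$;

(iii) $\rho$ is complete for $F_C$.

Proof. We first show (i) $\Leftrightarrow$ (ii). Assume that
$\rho \circ \otimes \circ \langle \rho, \rho \rangle = \rho \circ \otimes$. Then,
by monotonicity and extensivity of $\rho$, we get
$\rho \circ \otimes \leq \rho \circ \otimes \circ \langle \rho, id \rangle \leq \rho \circ \otimes \circ \langle \rho, \rho \rangle = \rho \circ \otimes$.
On the other hand, assume that
$\rho \circ \otimes \circ \langle \rho, id \rangle = \rho \circ \otimes$. By
monotonicity and extensivity of $\rho$,
$\rho \circ \otimes \leq \rho \circ \otimes \circ \langle \rho, \rho \rangle = \rho \circ \otimes \circ \langle \rho, id \rangle \circ \langle id, \rho \rangle = \rho \circ \otimes \circ \langle id, \rho \rangle =$
(by commutativity of $\otimes$)
$= \rho \circ \otimes \circ \langle \rho, id \rangle = \rho \circ \otimes$.

Thus, $\rho$ is complete iff $\forall x, y \in C$,
$\rho(\rho(x) \otimes y) = \rho(x \otimes y)$, and this is equivalent to state that
$\rho$ is complete for the set of unary functions
$F_C = \{\lambda x.\ x \otimes y \mid y \in C\}$, which concludes the proof. □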

Corollary 3.2. Let $\langle C_{\leq}, \otimes \rangle$ be a commutative quantale
and $\rho \in \mathit{uco}(C)$. The complete shell of $\rho$ for $\otimes$ is
$\mathit{gfp}(\lambda \eta.\ \rho \sqcap \mathcal{R}_{F_C}(\eta))$.

Proof. By Lemma 3.1, the complete shell of $\rho$ for $\otimes$ coincides with the
complete shell of $\rho$ for $F_C$. Each function in $F_C$ is additive, and
therefore continuous. Thus, by applying Theorem 2.1, the complete shell of $\rho$
for $\otimes$ is
$\mathit{gfp}(\lambda \eta.\ \rho \sqcap \mathcal{R}_{F_C}(\eta))$. □

Thus, the complete shell of any domain $\rho$ for $\otimes$ can be constructively
obtained by iterating the operator $\mathcal{R}_{F_C}$. Our main aim is to show
that this operator and, more generally, the family of operators
$\mathcal{R}_{F_{\eta}}$, for any $\eta \in \mathit{uco}(C)$, can all be
characterized in terms of sets of linear implications. Let us define a domain
operator
$\multimap : \mathit{uco}(C) \times \mathit{uco}(C) \to \mathit{uco}(C)$ by lifting
linear implication $\multimap$ to abstract domains as follows: For any
$A, B \in \mathit{uco}(C)$:

$$A \multimap B = \mathcal{M}(\{a \multimap b \in C \mid a \in A,\ b \in B\}).$$

Hence, $A \multimap B$ is defined to be the most abstract domain in
$\mathit{uco}(C)$ containing all the linear implications from $A$ to $B$.

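Theorem 3.3. Let $\langle C_{\leq}, \otimes \rangle$ be a unital, commutative
quantale. For any $\rho, \eta \in \mathit{uco}(C)$,
$\mathcal{R}_{F_{\eta}}(\rho) = \eta \multimap \rho$.

Proof. Let us prove that
$\mathcal{R}_{F_{\eta}}(\rho) = \mathcal{M}(\{y \multimap a \mid y \in \eta,\ a \in \rho\})$.

$$\begin{aligned}
\mathcal{R}_{F_{\eta}}(\rho)
&= \mathcal{M}\Big(\bigcup_{f \in F_{\eta},\, a \in \rho} \max(\{x \in C \mid f(x) \leq a\})\Big) && [\text{by definition of } \mathcal{R}_{F_{\eta}}] \\
&= \mathcal{M}\Big(\bigcup_{y \in \eta,\, a \in \rho} \max(\{x \in C \mid x \otimes y \leq a\})\Big) && [\text{by definition of } F_{\eta}] \\
&= \mathcal{M}\Big(\bigcup_{y \in \eta,\, a \in \rho} \max(\{x \in C \mid y \otimes x \leq a\})\Big) && [\text{by commutativity of } \otimes] \\
&= \mathcal{M}\Big(\bigcup_{y \in \eta,\, a \in \rho} \max(\{x \in C \mid x \leq y \multimap a\})\Big) && [\text{by definition of } \multimap] \\
&= \mathcal{M}\Big(\bigcup_{y \in \eta,\, a \in \rho} \{y \multimap a\}\Big) \\
&= \eta \multimap \rho.
\end{aligned}$$

This closes the proof. □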
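The following basic properties of $\multimap$ follow directly from the
corresponding properties of the linear implication in quantales.

Proposition 3.4. For all $A \in \mathit{uco}(C)$ and
$\{B_i\}_{i \in I} \subseteq \mathit{uco}(C)$, we have:

(i) $A \multimap (\sqcap_{i \in I} B_i) = \sqcap_{i \in I} (A \multimap B_i)$;

(ii) $A \multimap \top_{\mathit{uco}(C)} = \top_{\mathit{uco}(C)}$;

(iii) $C \multimap A \sqsubseteq A$;

(iv) $C \multimap A = C \multimap (C \multimap A)$.

Proof. Points (i) and (ii) are straightforward.

(iii). By Prop. 2.2 (vi), for all $a \in A$ it holds $1 \multimap a = a$. Since
$1 \in C$, it follows that $a = 1 \multimap a \in C \multimap A$, and therefore
$C \multimap A \sqsubseteq A$.

(iv). By point (iii), $C \multimap A \sqsubseteq A$, and therefore, by right
monotonicity of $\multimap$,
$C \multimap (C \multimap A) \sqsubseteq C \multimap A$. For the other inequality,
consider an element belonging to
$\{c \multimap a \in C \mid c \in C,\ a \in C \multimap A\}$. By definition, such
an element can be written as follows:
$c \multimap \bigwedge_{i \in I} (d_i \multimap a_i)$, for suitable
$c, d_i \in C$, and $a_i \in A$, for all $i \in I$, where $I$ is a suitable set of
indexes. Then,

$$\begin{aligned}
c \multimap \bigwedge_{i \in I} (d_i \multimap a_i)
&= \bigwedge_{i \in I} (c \multimap (d_i \multimap a_i)) && [\text{by Prop. 2.2 (iii)}] \\
&= \bigwedge_{i \in I} ((d_i \otimes c) \multimap a_i) && [\text{by Prop. 2.2 (ii)}]
\end{aligned}$$

Since, for all $i \in I$, $d_i \otimes c \in C$ and $a_i \in A$,
$(d_i \otimes c) \multimap a_i \in C \multimap A$. Then, by monotonicity of the
Moore-closure, we get $C \multimap A \sqsubseteq C \multimap (C \multimap A)$.

This concludes the proof. □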

It is worth noting that, by points (iii) and (iv) above, the monotone operator
$\lambda X.\ C \multimap X : \mathit{uco}(C) \to \mathit{uco}(C)$ is reductive and
idempotent, and therefore it is a lower closure operator on $\mathit{uco}(C)$.
Also, it is important to note that in general $A$ and $A \multimap A$ are
incomparable abstract domains.

The following result shows that the complete shell of an abstract domain $A$ for
$\otimes$ is given by all the linear implications from the concrete domain to $A$.
This provides a first representation result for objects of complete abstractions of
quantales.

Theorem 3.5. Let $\langle C_{\leq}, \otimes \rangle$ be a unital, commutative
quantale and $A \in \mathit{uco}(C)$. The complete shell of $A$ for $\otimes$ is
$C \multimap A$.



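Proof. By Corollary 3.2, the complete shell of $A$ for $\otimes$ is
$\mathit{gfp}(\lambda X.\ A \sqcap \mathcal{R}_{F_C}(X))$, and, by Theorem 3.3,
this is $\mathit{gfp}(\lambda X.\ A \sqcap C \multimap X)$. We show that
$\mathit{gfp}(\lambda X.\ A \sqcap C \multimap X) = C \multimap A$ by computing the
corresponding Kleene's iteration sequence.

$$\begin{aligned}
(\lambda X.\ A \sqcap C \multimap X)(\top_{\mathit{uco}(C)})
&= A \sqcap C \multimap \top_{\mathit{uco}(C)} \\
&= A \sqcap \top_{\mathit{uco}(C)} = A && [\text{by Prop. 3.4 (ii)}] \\
(\lambda X.\ A \sqcap C \multimap X)(A)
&= A \sqcap C \multimap A \\
&= C \multimap A && [\text{by Prop. 3.4 (iii)}] \\
(\lambda X.\ A \sqcap C \multimap X)(C \multimap A)
&= A \sqcap C \multimap (C \multimap A) \\
&= A \sqcap C \multimap A && [\text{by Prop. 3.4 (iv)}] \\
&= C \multimap A && [\text{by Prop. 3.4 (iii)}]
\end{aligned}$$

Thus, $C \multimap A$ actually is the greatest fixpoint of
$\lambda X.\ A \sqcap C \multimap X$. □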
The relevance of this result stems from the fact that, in the considered case of 
concrete quantales, the fixpoint construction of the complete shell of an abstract 
domain converges in two steps, and this provides a clean logical characterization for 
the objects of the complete shell in terms of linear implications. Furthermore, the 
following result yields an explicit logical characterization for the abstraction map 
associated with that complete shell. 

Theorem 3.6. Let $\langle C_{\leq}, \otimes \rangle$ be a unital, commutative
quantale and $A \in \mathit{uco}(C)$. Let $\rho \in \mathit{uco}(C)$ be the uco
associated with $C \multimap A$. Then, for all $c \in C$,

$$\rho(c) = \bigwedge_{a \in A} (c \multimap a) \multimap a.$$

Proof. Since $A = \sqcap_{a \in A} \{\top_C, a\}$, by Proposition 3.4 (i), we have
that $C \multimap A = \sqcap_{a \in A}\, C \multimap \{\top_C, a\}$. Let us show
that the closure operator $\rho_a \in \mathit{uco}(C)$ associated with
$C \multimap \{\top_C, a\}$ is
$\rho_a = \lambda c.\ (c \multimap a) \multimap a$, i.e., by Theorem 3.5, $\rho_a$
is the complete shell of $\{\top_C, a\}$ for $\otimes$. Then, the thesis is a
straight consequence, since, by definition, for any $c \in C$,
$\rho(c) = \bigwedge_{a \in A} \rho_a(c) = \bigwedge_{a \in A} (c \multimap a) \multimap a$.
We first show that $\rho_a$ is complete for $\otimes$. By Lemma 3.1, it is enough
to show that for any $x, y \in C$,
$\rho_a(\rho_a(x) \otimes y) = \rho_a(x \otimes y)$. We prove that
$\rho_a(x) \otimes y \leq \rho_a(x \otimes y)$, since this implies
$\rho_a(\rho_a(x) \otimes y) \leq \rho_a(x \otimes y)$ and the other inequality
always holds. We have that
$y \otimes (y \multimap (x \multimap a)) \leq x \multimap a$, and therefore
$y \otimes (y \multimap (x \multimap a)) \otimes ((x \multimap a) \multimap a) \leq (x \multimap a) \otimes ((x \multimap a) \multimap a) \leq a$.
As a consequence, we have the following inequalities:

$$\begin{aligned}
y \otimes (y \multimap (x \multimap a)) \otimes ((x \multimap a) \multimap a) &\leq a \\
y \otimes ((x \otimes y) \multimap a) \otimes ((x \multimap a) \multimap a) &\leq a \\
y \otimes ((x \multimap a) \multimap a) &\leq ((x \otimes y) \multimap a) \multimap a \\
y \otimes \rho_a(x) &\leq \rho_a(x \otimes y).
\end{aligned}$$

Thus, $\rho_a$ is complete for $\otimes$. Then, in order to conclude, we prove
that $\rho_a$ is the greatest domain complete for $\otimes$ which contains the
object $a$. Suppose, by contradiction, that there exists
$\eta \in \mathit{uco}(C)$ such that $\eta(a) = a$, $\eta$ is complete for
$\otimes$ and $\rho_a \sqsubset \eta$. Therefore, there exists $c \in C$ such that
$\eta(c) > \rho_a(c)$, that is $\eta(c) > (c \multimap a) \multimap a$. Then,
$\eta(c) \otimes (c \multimap a) \not\leq a$, otherwise we would get
$\eta(c) \leq (c \multimap a) \multimap a$, which is a contradiction. As a
consequence, $\eta(\eta(c) \otimes \eta(c \multimap a)) \not\leq a$. But, by
completeness of $\eta$,
$\eta(\eta(c) \otimes \eta(c \multimap a)) = \eta(c \otimes (c \multimap a)) \leq \eta(a) = a$,
and this is the contradiction which closes the proof. □
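
The two-step convergence in Theorem 3.5 and the closed form of Theorem 3.6 can be checked mechanically on a small finite quantale. The Python code below is an added example, not part of the paper: it assumes the quantale of subsets of the monoid (Z_4, +) with the lifted sum as $\otimes$, and the domain $A = \{\top, \{0,2\}\}$, both chosen here for illustration.

```python
from itertools import combinations

# Assumed example quantale (not from the paper): subsets of the monoid (Z_4, +),
# ordered by inclusion, with the lifted sum as the product and {0} as unit.
M = range(4)
TOP = frozenset(M)
C = [frozenset(s) for r in range(5) for s in combinations(M, r)]  # all 16 subsets


def tensor(x, y):
    """Quantale product: lifting of + mod 4 to sets."""
    return frozenset((a + b) % 4 for a in x for b in y)


def limp(a, c):
    """Linear implication a -o c: the greatest b with tensor(a, b) <= c."""
    return frozenset(m for m in M if tensor(a, {m}) <= c)


def moore(xs):
    """Moore closure: every intersection of members (the empty one is TOP)."""
    closed = {TOP}
    for x in xs:
        closed |= {x & y for y in closed}
    return frozenset(closed)


def uco(domain):
    """Closure operator whose fixpoints are the given Moore family."""
    def rho(x):
        out = TOP
        for y in domain:
            if x <= y:
                out &= y
        return out
    return rho


def lift(A, B):
    """Domain-level implication: Moore closure of {a -o b | a in A, b in B}."""
    return moore(limp(a, b) for a in A for b in B)


def is_complete(domain):
    """Check rho(rho(x) (x) rho(y)) == rho(x (x) y) for all x, y in C."""
    rho = uco(domain)
    return all(rho(tensor(rho(x), rho(y))) == rho(tensor(x, y))
               for x in C for y in C)


def shell_by_iteration(A):
    """Kleene iteration of X -> A meet (C -o X) starting from the top domain."""
    X, steps = frozenset({TOP}), 0
    while True:
        nxt = moore(A | lift(C, X))   # meet of two domains = closure of union
        if nxt == X:
            return X, steps
        X, steps = nxt, steps + 1


def rho_formula(A, c):
    """Theorem 3.6: rho(c) is the meet over a in A of (c -o a) -o a."""
    out = TOP
    for a in A:
        out &= limp(limp(c, a), a)
    return out


A = moore([frozenset({0, 2})])        # assumed domain: "every element is even"
SHELL = lift(C, A)                    # complete shell C -o A (Theorem 3.5)

if __name__ == "__main__":
    print("A complete for tensor:", is_complete(A))
    print("shell:", sorted(map(sorted, SHELL)))
    print("shell complete for tensor:", is_complete(SHELL))
    print("iteration steps:", shell_by_iteration(A)[1])
```

On this input the refinement adds exactly the sets of odd residues and the empty set to $A$, i.e. the shell is the parity domain, and the iteration reaches it after two steps.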



4. CHARACTERIZING CONDENSING ABSTRACT DOMAINS 

In this section we give a characterization of condensing abstract domains as solu- 
tions of simple abstract domain equations, where the objects of condensing abstract 
domains have an immediate interpretation in a fragment of propositional linear 
logic. We consider a core logic programming language computing substitutions. 
Our basic semantic structure is the unital, commutative quantale
$\langle \wp(\mathit{Sub})_{\subseteq}, \otimes \rangle$, where
$\langle \wp(\mathit{Sub}), \subseteq \rangle$ is a complete lattice and
$\otimes : \wp(\mathit{Sub}) \times \wp(\mathit{Sub}) \to \wp(\mathit{Sub})$ is the
standard lifting of unification $\wedge$ to sets of substitutions, namely:

$$X \otimes Y = \{x \wedge y \mid x \in X,\ y \in Y,\ x \wedge y \neq \tau\}.$$

Obviously, $\langle \wp(\mathit{Sub})_{\subseteq}, \otimes \rangle$ turns out to be
a unital, commutative quantale, where $\{\epsilon\} \in \wp(\mathit{Sub})$ is the
unit. In the following, we will slightly abuse the notation by applying the
operation $\otimes$ also to substitutions.

4.1 A core logic programming language 

We consider programs as (finite) sets of procedure declarations, and we assume 
that each procedure can be declared in at most one clause of the form
$p(\bar{x}) \leftarrow A$. This assumption simplifies the treatment of condensing
procedures: With each predicate $p$ a single clause is allowed in the program. The
non-deterministic choice in the definition of $p$ is specified by allowing
disjunction ($\sum$) in clause-bodies. The following syntax specifies the structure
of logic programs considered in this section. In the following definition
$\Theta \in \wp_{fin}(\mathit{Sub})$ stands for a finite set of substitutions.

$$\begin{aligned}
P &::= p(\bar{x}) \leftarrow A \mid P.P \\
A &::= \Theta \mid A \otimes A \mid \textstyle\sum_{i=1}^{n} A_i \mid p(\bar{x})
\end{aligned}$$

The forward semantics
$[\![\langle p(\bar{x}), \{\vartheta\} \rangle]\!]_P$ of a procedure call
$p(\bar{x})\vartheta$ in a program $P$ is defined as
$S_{p(\bar{x})}(\{\vartheta\})$, as given by the following function on
$\wp(\mathit{Sub})$, which is recursively defined on program's structure for any
$\Phi \in \wp(\mathit{Sub})$:

$$\begin{aligned}
S_{\Theta}(\Phi) &= \Theta \otimes \Phi \\
S_{A_1 \otimes A_2}(\Phi) &= S_{A_1}(\Phi) \otimes S_{A_2}(\Phi) \\
S_{p(\bar{x})}(\Phi) &= S_A(\Phi) \quad \text{where } p(\bar{x}) \leftarrow A \ll P.
\end{aligned}$$

In this definition $\ll$ selects a (renamed) clause from $P$ where variables not in
$\bar{x}$ are renamed apart from $\bar{x}$ and $\Phi$. The forward concrete
semantics of a logic program $P$ with initial goal $p(\bar{x})$ is therefore
$F_{P,p(\bar{x})} = \lambda \Theta.\ [\![\langle p(\bar{x}), \Theta \rangle]\!]_P$.

Thus, the best correct approximation of $F_{P,p(\bar{x})}$ with respect to an
abstract domain $\rho \in \mathit{uco}(\wp(\mathit{Sub}))$ is inductively defined
as follows for any $\Phi \in \rho(\wp(\mathit{Sub}))$:

$$S^{\rho}_{\Theta}(\Phi) = \rho(\Theta \otimes \Phi)$$

= p(vr=i^w) 

= where A <« p - 

As above, the abstract semantics of a procedure call in a program $P$, with abstract initial call $\Theta \in \rho$, is defined as $[\![\langle p(\bar{x}), \Theta \rangle]\!]^{\rho}_P = S^{\rho}_{p(\bar{x})}(\Theta)$. The forward abstract semantics of a logic program $P$ with initial goal $p(\bar{x})$ is therefore $F^{\rho}_{P,p(\bar{x})} = \lambda\Theta.[\![\langle p(\bar{x}), \Theta \rangle]\!]^{\rho}_P$. Note that, in each equation above, $S^{\rho}$ is recursively defined as the best correct approximation of $S$ in $\rho$.

4.2 Generalizing condensing domains 

The first attempt to formally specify condensing procedures as an abstract domain property was due to Marriott and Søndergaard [1993]. The authors consider downward-closed abstract domains: $X \in \mathit{uco}(\wp(\mathit{Sub}))$ is downward-closed if any $\phi \in X$ is closed by instantiation. In this case, the glb of $X$, that is set intersection, actually plays the role of abstract unification. A domain $X \in \mathit{uco}(\wp(\mathit{Sub}))$ is called condensing if for any program $P$, query $Q$, and $\phi, \phi' \in X$, we have:

$$F^{X}_{P,Q}(\phi \wedge \phi') = \phi \wedge F^{X}_{P,Q}(\phi')$$

where $F^{X}_{P,Q} : X \to X$ is the best correct approximation in $X$ of the goal-directed semantic function $F_{P,Q}$ mapping a set of initial substitutions for the program $P$ and query $Q$ to their semantics. Giacobazzi and Scozzari [1998] gave a characterization of condensing downward-closed abstract domains as so-called Heyting-closed domains. Heyting algebras are instances of quantales where linear implication is replaced by intuitionistic implication, i.e. the quantale multiplication is the meet operation. This perfectly models downward closed condensing abstract domains. Indeed, the collection of idempotent substitutions closed by instantiation, denoted by $\wp^{\downarrow}(\mathit{Sub})$, is a complete Heyting algebra, i.e. a quantale $\langle \wp^{\downarrow}(\mathit{Sub}), \wedge \rangle$ [Giacobazzi and Scozzari 1998]. In this section, we generalize this construction to any, possibly non downward-closed, abstract domain. This characterization relies upon the following generalized notion of condensing abstract domain, where we assume that $\langle \wp(\mathit{Sub})_{\subseteq}, \otimes \rangle$ is a quantale.

Definition 4.1. An abstract domain $\rho \in \mathit{uco}(\wp(\mathit{Sub}))$ is condensing for $F^{\rho}_{P,Q} : \rho \to \rho$, indexed on programs $P$ and queries $Q$, if for all $\Theta, \phi \in \rho$:

$$F^{\rho}_{P,Q}(\rho(\Theta \otimes \phi)) = \rho(\Theta \otimes F^{\rho}_{P,Q}(\phi)).$$

This property depends upon the domain $\rho$ and the abstract semantics $F^{\rho}_{P,Q}$, which in turn is defined on $\rho$. Not all domains are condensing: Marriott and Søndergaard [1993] exhibit some non-condensing domains for groundness analysis. Let us see an example of an abstract domain which is not condensing.

Example 4.2. Two variables $x, y \in V$ are said to be independent for the substitution $\theta$ when $\mathit{vars}(\theta(x)) \cap \mathit{vars}(\theta(y)) = \emptyset$. Let $I_{xy}$ be the set of substitutions for which $x$ and $y$ are independent:

$$I_{xy} = \{\theta \in \mathit{Sub} \mid \mathit{vars}(\theta(x)) \cap \mathit{vars}(\theta(y)) = \emptyset\}.$$

We consider a finite set of variables of interest $VI \subseteq_{\mathit{fin}} V$, which are the relevant variables. According to this, abstract domains are restricted to have variables in $VI$ and do not explicitly show the set of relevant variables they refer to. The basic domain $\mathit{PSh}_{VI}$ for detecting pair-sharing (i.e., pairs of variables which may share a common variable) is given by the most abstract domain which contains all the objects $I_{xy}$, for any $x, y \in VI$, with $x \neq y$:

$$\mathit{PSh}_{VI} = \mathcal{M}(\{I_{xy} \mid x, y \in VI,\ x \neq y\}).$$

The domain $\mathit{PSh}_{VI}$ induces a Galois insertion $(\alpha, \wp(\mathit{Sub}), \mathit{PSh}_{VI}, \gamma)$ defined as follows: for all $\Theta \in \wp(\mathit{Sub})$,

$$\alpha(\Theta) = \bigwedge \{I_{xy} \mid x, y \in VI,\ x \neq y,\ \forall \theta \in \Theta.\ \mathit{vars}(\theta(x)) \cap \mathit{vars}(\theta(y)) = \emptyset\}.$$

Let $P$ be the following program:

$$p(X,Y) \leftarrow \{\{X/a\}, \{Y/a\}\}.$$

For $VI = \{X, Y\}$ we have that $\mathit{PSh}_{VI} = \{\top, I_{XY}\}$, where $\gamma(\top) = \mathit{Sub}$. Let us denote by $\rho$ the uco associated with $\mathit{PSh}_{VI}$. Note that the abstract operation $\otimes$ on $\mathit{PSh}_{VI}$ is trivially defined as follows: For all $A, B \in \mathit{PSh}_{VI}$, $\rho(A \otimes B) = \top$ (this is a consequence of the fact that $\{X/Z\} \otimes \{Y/Z\} = \{X/Z, Y/Z\}$ which does not belong to $I_{XY}$ while both $\{X/Z\}$ and $\{Y/Z\}$ do). If we compute $F^{\rho}_{P,p(X,Y)}$ with initial query $\Phi = \top$ we obtain:

$$\begin{aligned} F^{\rho}_{P,p(X,Y)}(\top) &= S^{\rho}_{p(X,Y)}(\top) \\ &= S^{\rho}_{\{\{X/a\},\{Y/a\}\}}(\top) \\ &= \rho(\{\{X/a\},\{Y/a\}\} \otimes \top) = I_{XY}. \end{aligned}$$

Therefore, being $\rho(I_{XY} \otimes \top) = \top$, the following results hold:

$$F^{\rho}_{P,p(X,Y)}(\rho(I_{XY} \otimes \top)) = F^{\rho}_{P,p(X,Y)}(\top) = I_{XY}$$

$$\rho(I_{XY} \otimes F^{\rho}_{P,p(X,Y)}(\top)) = \rho(I_{XY} \otimes I_{XY}) = \top.$$

As a consequence, the domain $\rho$ is not condensing for $F^{\rho}_{P,p(X,Y)}$. □

In the following we give a systematic method for designing condensing abstract domains for logic programs. This allows us to remove the possible loss of precision between goal-independent vs. goal-directed static program analyses. This is achieved by observing that $\{\varepsilon\}$, which is the unit element in $\langle \wp(\mathit{Sub})_{\subseteq}, \otimes \rangle$, represents the weakest possible substitution. Therefore, if a condensing abstract domain $\langle \rho(\wp(\mathit{Sub}))_{\subseteq}, \rho \circ \otimes \rangle$ satisfying Definition 4.1, is also a commutative quantale with unit $\rho(\{\varepsilon\})$, then for any set of substitutions $\Theta \in \rho(\wp(\mathit{Sub}))$, we have that $\rho(\Theta \otimes F^{\rho}_{P,Q}(\rho(\{\varepsilon\}))) = F^{\rho}_{P,Q}(\Theta)$. The idea here is that by computing the abstract semantics of a query with initial call in $\Theta$, i.e., $F^{\rho}_{P,Q}(\Theta)$, we obtain the same result as unifying the substitutions in $\Theta$ with the result of the semantics of the same query in the most general environment $\varepsilon$, which is $F^{\rho}_{P,Q}(\rho(\{\varepsilon\}))$. This encodes the typical way we derive the analysis of a query in an initial state from a goal-independent (condensing) analysis: We filter out, by unification, those computations which do not satisfy the given initial state (cf. [Barbuti et al. 1993]).



4.3 Weak completeness 

It is worth noting that the abstract semantics of a program $P$ is always defined by iterating abstract unification of a concrete substitution belonging to $P$ against the result of the previous computation, which is an abstract object. The fixpoint of this iterated procedure gives the semantics of a predicate. As observed above, an abstract domain is condensing when it is possible to postpone the evaluation of a specific call after the evaluation of the semantics of each predicate, without any loss of precision. This means that it is possible to propagate the information contained in a query back to the semantics without recomputing the semantics of that query, by a simple unification operation. In this case, the semantics is obtained by computing the semantics of each predicate with the most general call. It is clear that completeness is sufficient to ensure condensation, since all intermediate abstractions can be removed from the fixpoint computation of the semantics of each predicate. However, a weaker form of completeness can be considered in view of the evaluation strategy implemented in the bottom-up semantics of logic programs [Barbuti et al. 1993; Codish et al. 1994]. The idea is that only one of the two arguments of unification is an abstract object. Our aim here is to formalize the intuition that still no loss of precision is accumulated in the abstract computation when at least one argument of $\otimes$ is an abstract object. This happens in logic program analysis, when $\otimes$ is unification and the semantics consists in iteratively unifying concrete and abstract objects, which respectively come from program's clauses and the current abstract substitutions. We define an abstract domain $\rho \in \mathit{uco}(C)$ to be weak-complete for $\otimes$ when:

$$\text{if either } x \in \rho \text{ or } y \in \rho \text{ then } \rho(\rho(x) \otimes \rho(y)) = \rho(x \otimes y).$$

Hence, this is equivalent to require that $\rho$ satisfies the following equalities:

$$\rho \circ \otimes \circ \langle \rho, \rho \rangle = \rho \circ \otimes \circ \langle \rho, \mathit{id} \rangle = \rho \circ \otimes \circ \langle \mathit{id}, \rho \rangle.$$

In turn, by the hypothesis of commutativity of $\otimes$, this last condition is equivalent to the following single equation:

$$\rho \circ \otimes \circ \langle \rho, \rho \rangle = \rho \circ \otimes \circ \langle \rho, \mathit{id} \rangle. \qquad (1)$$

It is worth pointing out that this is actually a weakening of standard completeness, i.e., any $\rho$ complete for $\otimes$ is weak-complete for $\otimes$ as well. The converse does not hold.

Then, for a given abstract domain $A \in \mathit{uco}(C)$, we are interested in characterizing the most abstract domain $\rho \in \mathit{uco}(C)$ which is more concrete than $A$ and satisfies Equation (1). This domain, when it exists, is called the weak-complete shell of $A$ for $\otimes$. Weak-completeness problems can be solved by exploiting the same technique used for completeness, i.e., by resorting to a recursive abstract domain equation involving linear implication. The next theorem gives a recursive characterization of the solutions of Equation (1).

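Theorem 4.3. Let $\langle C_{\leq}, \otimes \rangle$ be a unital, commutative quantale and $\rho \in \mathit{uco}(C)$. The following are equivalent.

(i) $\rho \circ \otimes \circ \langle \rho, \rho \rangle = \rho \circ \otimes \circ \langle \rho, \mathit{id} \rangle$;

(ii) $\rho$ is complete for $F_{\rho} = \{\lambda y.\, x \otimes y \mid x \in \rho\}$;

(iii) $\rho = \rho \sqcap (\rho \overset{\wedge}{\multimap} \rho)$.

Proof. $\rho \circ \otimes \circ \langle \rho, \rho \rangle = \rho \circ \otimes \circ \langle \rho, \mathit{id} \rangle$ holds iff for all $x \in \rho$ and $y \in C$ it holds $\rho(x \otimes \rho(y)) = \rho(x \otimes y)$, that is to say that $\rho$ is complete for the set of unary functions $F_{\rho} = \{\lambda y.\, x \otimes y \mid x \in \rho\}$. By Theorem 2.1, $\rho$ is complete for $F_{\rho}$ iff $\rho \sqsubseteq \mathcal{R}_{F_{\rho}}(\rho)$. By Theorem ^.3| , this is equivalent to say that $\rho \sqsubseteq \rho \overset{\wedge}{\multimap} \rho$, and therefore $\rho = \rho \sqcap \rho \overset{\wedge}{\multimap} \rho$. □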

Corollary 4.4. Let $\langle C_{\leq}, \otimes \rangle$ be a unital, commutative quantale and $A \in \mathit{uco}(C)$. The weak-complete shell of $A$ for $\otimes$ is $\mathit{gfp}(\lambda X.\, A \sqcap X \sqcap (X \overset{\wedge}{\multimap} X))$.

Proof. Since the operator $\lambda X.\, X \overset{\wedge}{\multimap} X$ is clearly monotone¹, from Theorem 4.3 it directly follows that the most abstract domain which includes $A$ and is weak-complete for $\otimes$ is given by $\mathit{gfp}(\lambda X.\, A \sqcap X \sqcap X \overset{\wedge}{\multimap} X)$. □

¹ It is worth noting that, even if $H_{\rho} = \lambda\eta.\, \rho \overset{\wedge}{\multimap} \eta$ is co-additive for any $\rho \in \mathit{uco}(C)$, this does not imply that the operator $\lambda\eta.\, \eta \overset{\wedge}{\multimap} \eta$ is co-additive as well. This is a consequence of the fact that the set of functions $F_{\rho}$ for which we want to be complete, changes at each iteration.

Thus, the weak-complete shell of a domain $A \in \mathit{uco}(C)$ is exactly the greatest solution in $\mathit{uco}(C)$ of the following recursive abstract domain equation:

$$X = A \sqcap X \sqcap (X \overset{\wedge}{\multimap} X). \qquad (2)$$

4.4 Condensing domains in logical form 

We are now in the position to prove the main result of this section. In the follow- 
ing we prove that any abstract domain, which is solution of the recursive domain 
equation (Q), is a unital commutative quantale which satisfies the relevant property 
of being condensing and, under additional non-restrictive hypotheses, condensing 
domains are all and only the solutions of Equation (Q) . This result shows a surpris- 
ing link between completeness in abstract interpretation and condensing domains 
and, more importantly, it gives computational relevance in static program analysis 
to the notion of weak-completeness. Before proving this result, let us show the 
following simple property which will be used later. 

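Lemma 4.5. Let $\langle C_{\leq}, \otimes \rangle$ be a unital, commutative quantale, $\rho \in \mathit{uco}(C)$ and $c_1, \ldots, c_n \in C$ for $n > 0$. If $\rho$ satisfies Eq. (1), then for all $i$, with $1 \leq i \leq n$, it holds:

$$\rho(\rho(c_1) \otimes \ldots \otimes \rho(c_{n-1}) \otimes \rho(c_n)) = \rho(\rho(c_1) \otimes \ldots \otimes \rho(c_{n-1}) \otimes c_n).$$

Proof. The proof is by induction on the number of applications of $\otimes$.
($n = 0$) is straightforward: $\rho(\rho(c)) = \rho(c)$.
($n \geq 1$) follows by Eq. (1):

$$\begin{aligned} & \rho(\rho(c_1) \otimes \rho(c_2) \otimes \ldots \otimes \rho(c_{n-1}) \otimes \rho(c_n)) = && \text{[by Eq. (1)]} \\ & \rho(\rho(c_1) \otimes \rho(\rho(c_2) \otimes \ldots \otimes \rho(c_{n-1}) \otimes \rho(c_n))) = && \text{[by inductive hypothesis]} \\ & \rho(\rho(c_1) \otimes \rho(\rho(c_2) \otimes \ldots \otimes \rho(c_{n-1}) \otimes c_n)) = && \text{[by Eq. (1)]} \\ & \rho(\rho(c_1) \otimes \rho(c_2) \otimes \ldots \otimes \rho(c_{n-1}) \otimes c_n). && \square \end{aligned}$$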

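Theorem 4.6. Let $P$ be a program and $\rho \in \mathit{uco}(\wp(\mathit{Sub}))$. If $\rho = \rho \sqcap \rho \overset{\wedge}{\multimap} \rho$ then $\rho$ is condensing for $F^{\rho}_{P,p(\bar{x})}$.

Proof. Let $\rho$ be a solution of the recursive domain equation $\rho = \rho \sqcap \rho \overset{\wedge}{\multimap} \rho$. Let $\Psi, \Theta \in \rho$. Since $\langle \wp(\mathit{Sub})_{\subseteq}, \otimes \rangle$ is a unital, commutative quantale, it is sufficient to prove that $S^{\rho}$ is condensing, i.e., $S^{\rho}_{A}(\rho(\Psi \otimes \Theta)) = \rho(\Psi \otimes S^{\rho}_{A}(\Theta))$, for any procedure definition $A$. This is proved by induction on the structure of the procedure definition $A$. Let $\Phi, \Psi, \Theta \in \rho(\wp(\mathit{Sub}))$.

— Consider $S^{\rho}_{\Phi}$. By Lemma 4.5 we have that

$$\begin{aligned} S^{\rho}_{\Phi}(\rho(\Psi \otimes \Theta)) &= \rho(\Phi \otimes \rho(\Psi \otimes \Theta)) \\ &= \rho(\Phi \otimes \Psi \otimes \Theta) \\ &= \rho(\Psi \otimes \Phi \otimes \Theta) \\ &= \rho(\Psi \otimes \rho(\Phi \otimes \Theta)) \\ &= \rho(\Psi \otimes S^{\rho}_{\Phi}(\rho(\Theta))). \end{aligned}$$

— Consider $S^{\rho}_{A_1 \otimes A_2}$. By Lemma and inductive hypothesis we have that

$$\begin{aligned} S^{\rho}_{A_1 \otimes A_2}(\rho(\Psi \otimes \Theta)) &= \rho(S^{\rho}_{A_1}(\rho(\Psi \otimes \Theta)) \otimes S^{\rho}_{A_2}(\rho(\Psi \otimes \Theta))) \\ &= \rho(\Psi \otimes S^{\rho}_{A_1}(\Theta) \otimes \Psi \otimes S^{\rho}_{A_2}(\Theta)) \\ &= \rho(\Psi \otimes \rho(S^{\rho}_{A_1}(\Theta) \otimes S^{\rho}_{A_2}(\Theta))) \\ &= \rho(\Psi \otimes S^{\rho}_{A_1 \otimes A_2}(\Theta)). \end{aligned}$$

— Consider $S^{\rho}_{\sum_{i=1}^{n} A_i}$. Recall that, by definition of quantale, the operation $\otimes$ is additive. Therefore, by inductive hypothesis and Lemma 4.5 we have that

$$\begin{aligned} \rho\bigl(\textstyle\bigvee_{i=1}^{n} S^{\rho}_{A_i}(\Psi \otimes \Theta)\bigr) &= \rho\bigl(\textstyle\bigvee_{i=1}^{n} \Psi \otimes S^{\rho}_{A_i}(\Theta)\bigr) \\ &= \rho\bigl(\Psi \otimes \textstyle\bigvee_{i=1}^{n} S^{\rho}_{A_i}(\Theta)\bigr). \end{aligned}$$

— Consider $S^{\rho}_{p(\bar{x})}$. The thesis follows immediately by definition and inductive hypothesis. □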



The key point in the previous theorem is that the operation $\otimes$ is additive, i.e., it distributes over arbitrary lub's. Thus, whenever the abstract domain contains all linear implications between any two abstract objects, no loss of precision is accumulated by distributing the abstract unification over non-deterministic computations, which are modeled by abstract disjunction.



In order to prove the converse of Theorem 4.6, i.e., that condensing domains are solutions of Eq. we need some additional hypotheses. The next result, together with Theorem 4.6, provides a constructive characterization of condensing domains which are at least as precise as a given domain $A$. These are all and only those domains which are solutions of a recursive domain equation of the form

$$X = A \sqcap X \sqcap X \overset{\wedge}{\multimap} X.$$



Theorem 4.7. Let P be a program, p(x) be an atom, p £ uco(p(Sub)) and let 
X be a generator for p, i.e., A4(X) = p. Assume that for any ^ £ X there exist 
{01, . . . , ©„} C Sub, with n > 0, such that Qi is finite and the following conditions 
hold: 



-p(V?=i = 

If p is condensing for A0 £ p.\{p[x), Q)\ P P then p — p\~\ p^p. 

Proof. Let p be condensing. We have to prove that p Q p^p, i.e., that for any 
\& £ p, p($ — o v?) = $ — o <J>. Since X is a generator set for p, it suffices to show 
that for any <&, £ X, p(<I> -o f ) = $ -o $, Suppose, by contradiction, that there 
exist £ X such that p(<i> — o D $ — o Note that, by definition, $ — o * 
is the most abstract object A which satisfies <I> <g> A C <3>. Therefore, <3? (g> p($ — o 
VP) % ^ . By hypothesis there exists {©i, . . . ©„} C Sub, with n > 0, such that Qi 
is finite and the above conditions hold. Consider the program P = {p :— Y^i=i ®»} 






consisting of n facts. Then, by hypothesis, we have that: 

p($®[<P,{e})]?>) = rt*®/>(V2=iP(H®ei))) 

= p($®p(vr=ip(©i))) 
= ^®p(vr=i^)) 

D p($ (g> ($ -o <&)) 

3 p(*®Vti®0 
= p(V2=i*®eO 

p(vr=i^®©i)) 



[(p,*)] p p 



Therefore p would not be condensing, which is a contradiction. □ 

The hypothesis in Theorem 4.7 is not restrictive for most domains used in logic program analysis. Conditions (1) and (2) say that any implicational object $x \multimap y$ always approximates a finite disjunction of substitutions. This allows us, in Theorem 4.7, to construct, for any implicational object $x \multimap y$, a (finite) program having that object in the abstract semantics. The idea is that, in order to prove the converse of Theorem 4.6, any implicational object has to be the semantics of some well-defined program. The following characterization of condensing is therefore immediate by Theorems 4.6 and 4.7.

Corollary 4.8. Under the hypothesis of Theorem 4.7, $\rho$ is condensing for the semantic function $\lambda\Theta \in \rho.\,[\![\langle p(\bar{x}), \Theta \rangle]\!]^{\rho}_P$ if and only if $\rho = \rho \sqcap \rho \overset{\wedge}{\multimap} \rho$.



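Example 4.9. Consider the domain $\rho = \{\top, I_{XY}\}$ as defined in Example 4.2. The following equivalences hold.

— for all $\Theta \in \wp(\mathit{Sub})$, from the definition of $\multimap$ it follows that $\Theta \multimap \top = \top$.

— $\top \multimap I_{XY} = \{\theta \in \mathit{Sub} \mid \forall \delta \in \mathit{Sub}.\ \theta \otimes \delta \subseteq I_{XY}\} = \{\theta \in \mathit{Sub} \mid {\downarrow}\theta \subseteq I_{XY}\}$. If either $X$ or $Y$ is ground in $\theta$, then the result immediately follows. Otherwise, it is always possible to find an instance of $\theta$ where $X$ and $Y$ share a common variable. Thus we have that $\top \multimap I_{XY} = \{\theta \in \mathit{Sub} \mid \mathit{vars}(\theta(X)) = \emptyset \text{ or } \mathit{vars}(\theta(Y)) = \emptyset\}$.

— $I_{XY} \multimap I_{XY} = \{\theta \in \mathit{Sub} \mid \forall \delta \in I_{XY}.\ \theta \otimes \delta \subseteq I_{XY}\}$. If either $X$ or $Y$ is ground in $\theta$, then it trivially holds $\theta \otimes \delta \subseteq I_{XY}$. Consider now the case that both $X$ and $Y$ are not ground. Recall that, given a substitution $\delta \in I_{XY}$, all variables but $X$ and $Y$ are allowed to share. Therefore, when unifying $\theta \otimes \delta$, we have to assure that no variable in $\theta$ shares with any other variable. For example, if we consider a substitution $\theta = \{Z/W\}$, then by unifying with $\delta = \{X/Z, Y/W\}$ we immediately obtain a substitution which does not belong to $I_{XY}$. As a consequence, $I_{XY} \multimap I_{XY} = \{\theta \in \mathit{Sub} \mid \mathit{vars}(\theta(X)) = \emptyset \text{ or } \mathit{vars}(\theta(Y)) = \emptyset\} \cup \{\theta \in \mathit{Sub} \mid \forall v \in \mathit{dom}(\theta).\ \mathit{vars}(\theta(v)) = \emptyset\}$.

Let us denote by $G_{XY}$ the set $\{\theta \in \mathit{Sub} \mid \mathit{vars}(\theta(X)) = \emptyset \text{ or } \mathit{vars}(\theta(Y)) = \emptyset\}$ and by $\mathcal{E}_G$ the set $\{\theta \in \mathit{Sub} \mid \forall v \in \mathit{dom}(\theta).\ \mathit{vars}(\theta(v)) = \emptyset\}$. Since $G_{XY} \subseteq G_{XY} \cup \mathcal{E}_G \subseteq I_{XY} \subseteq \top$, we have that $\rho' = \rho \sqcap \rho \overset{\wedge}{\multimap} \rho = \{G_{XY}, G_{XY} \cup \mathcal{E}_G, I_{XY}, \top\}$. It is now easily seen that $\rho' \overset{\wedge}{\multimap} \rho' = \rho'$ and therefore the most abstract solution to the domain equation $\rho = \rho \sqcap \rho \overset{\wedge}{\multimap} \rho$ is $\rho' = \rho \cup \{G_{XY}, G_{XY} \cup \mathcal{E}_G\}$. By using $\rho'$ we now obtain: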

^(xrjfpViF ® T)) = F^x.yjO") = 0741 ® T ) = 

and 
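The following Python sketch is an added example, not code from the paper: it replays the counterexample of Example 4.2 and the shell iteration of Corollary 4.4 on a finite fragment of Sub, namely equations over the variables X, Y, Z and a single constant a, unified by merging equivalence classes. The fragment and every function name are assumptions of the example; since the fragment has only one spare variable, its shell need not coincide with the $\rho'$ obtained above for the whole of Sub.

```python
from itertools import combinations

ATOMS = "XYZa"  # assumed fragment: variables X, Y, Z and one constant a
PAIRS = list(combinations(ATOMS, 2))

def close(eqs):
    """Solved form of a set of equations: every pair its equivalence identifies."""
    cls = {s: {s} for s in ATOMS}
    for u, v in eqs:
        merged = cls[u] | cls[v]
        for s in merged:
            cls[s] = merged
    return frozenset(p for p in PAIRS if p[1] in cls[p[0]])

SUB = {close(c) for r in range(len(PAIRS) + 1) for c in combinations(PAIRS, r)}
TOP = frozenset(SUB)
UNIFY = {(s, t): close(s | t) for s in SUB for t in SUB}  # never fails: one constant

def otimes(a, b):
    """Unification lifted to sets of substitutions (the quantale product)."""
    return frozenset(UNIFY[s, t] for s in a for t in b)

def limp(a, b):
    """Linear implication a -o b: the largest c such that a (x) c is inside b."""
    return frozenset(m for m in SUB if all(UNIFY[n, m] in b for n in a))

def moore(gen):
    """Moore closure: add the top element and close under intersection."""
    dom = {TOP} | set(gen)
    while True:
        new = {a & b for a in dom for b in dom} - dom
        if not new:
            return frozenset(dom)
        dom |= new

def rho(dom, c):
    """Closure operator induced by dom: the least element of dom containing c."""
    return frozenset.intersection(TOP, *(d for d in dom if c <= d))

def weak_complete_shell(dom):
    """Iterate X -> X n (X -o X) downwards, starting from the Moore closure of dom."""
    dom = moore(dom)
    while True:
        nxt = moore(dom | {limp(a, b) for a in dom for b in dom})
        if nxt == dom:
            return dom
        dom = nxt

def sem(dom, facts, phi):
    """Abstract semantics of p(X,Y) <- facts for the abstract call phi."""
    return rho(dom, otimes(facts, phi))

def condensing(dom, facts):
    """Definition 4.1, checked on every pair of abstract objects of dom."""
    return all(sem(dom, facts, rho(dom, otimes(t, p)))
               == rho(dom, otimes(t, sem(dom, facts, p)))
               for t in dom for p in dom)

I_XY = frozenset(s for s in SUB if not (("X", "Y") in s and ("X", "a") not in s))
G_XY = frozenset(s for s in SUB if ("X", "a") in s or ("Y", "a") in s)
PSH = moore({I_XY})                                            # {TOP, I_XY}
FACTS = frozenset({close([("X", "a")]), close([("Y", "a")])})  # {{X/a},{Y/a}}
SHELL = weak_complete_shell(PSH)
```

On this fragment `condensing(PSH, FACTS)` is false for the same pair of objects as in Example 4.2, while `SHELL` contains `G_XY`, is closed under `limp`, and satisfies Definition 4.1 for the same program.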



5. CONCLUSION 



We have shown a surprising link between completeness in quantale-like structures and condensation. This provides a characterization of condensing domains as models of a fragment of propositional linear logic. The relation between completeness and reversible dataflow analysis has gained great attention in the last few years. As observed in [King and Lu 2002], the possibility of reusing code in logic programming is often related to the problem of figuring out how to query a program, and backward analysis allows us to automatically derive the possible modes in which predicates must be called. As proved in [King and Lu 2002], this property needs condensing abstract domains. By this observation and from our characterization of condensing abstract domains in logical form, it seems possible to characterize reversible abstract interpretations in a pure domain-theoretic form. There are still many open questions along this line of research. It is for instance a major challenge to design condensing abstract domains for aliasing. Theorems 4.6 and 4.7 give necessary and sufficient conditions to systematically design these domains, but the construction of non-downward closed condensing abstract domains, although clarified and made systematic, is still quite difficult due to the complex structure of the quantale of idempotent substitutions. This is the case if we are looking for the most abstract condensing domain refining sharing, which is an abstract domain devoted to the static analysis of variable aliasing in idempotent substitutions [Jacobs and Langen 1992; Langen 1990]. In this case, the solution of the abstract domain equation $X = \mathit{sharing} \sqcap X \sqcap (X \overset{\wedge}{\multimap} X)$ is still unknown. Our results can be used also to prove that known domains are condensing. Scozzari [2002] proved that the domain $\mathit{Pos}$ for groundness analysis [Armstrong et al. 1998] is the most abstract solution of the abstract domain equation $X = \mathcal{G} \sqcap X \to X$, where $\mathcal{G}$ is the domain of plain groundness in [Jones and Søndergaard 1987]. In view of Theorems 4.6 and 4.7, this provides an alternative proof of the known fact that $\mathit{Pos}$ is condensing [Marriott and Søndergaard 1993]. The advantage of our method with respect to other proofs is that it gives a constructive procedure to systematically design condensing domains even for non-downward closed properties.